CVE-2017-11165
Published 2017-07-12
Priority P273 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 64.13% (99.1th percentile)
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thermofisher | dt80_dex_firmware | — | — |
Detection & IOCs (extracted from sources)
sigma
matchers: words: ['COMMAND_SERVER', '', 'config id="config'] AND header: 'text/xml' AND status: 200
- Detect unauthenticated GET requests to /services/getFile.cmd?userfile=config.xml — a successful response (HTTP 200) with Content-Type text/xml containing 'COMMAND_SERVER' and 'config id="config' indicates active exploitation of the information disclosure vulnerability.
- Use Shodan/FOFA/Google dorks to identify exposed DataTaker DT80 dEX devices: shodan-query 'http.title:"datataker"', fofa-query 'title="datataker"', google-query 'intitle:"datataker"'.
- Response body from the vulnerable endpoint leaks plaintext credentials (username and password) embedded in the config.xml output.
- The vulnerability affects DataTaker DT80 dEX firmware version 1.50.012 specifically; the exploit-db advisory also references version 1.350.012, suggesting multiple firmware branches may be affected.
- No authentication is required to exploit this endpoint; the attack is fully unauthenticated and network-accessible (CVSS AV:N/AC:L/PR:N/UI:N).
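
A log-side version of the check described in the bullets above, as an added example that is not from this page or its sources. It assumes the logger sits behind a reverse proxy that writes combined-format access logs; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
TARGET_PATH = "/services/getfile.cmd"
BODY_WORDS = ("COMMAND_SERVER", 'config id="config')  # non-empty matchers from the page

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2017:10:01:02 +0000] "GET /services/getFile.cmd?userfile=config.xml HTTP/1.1" 200 4312 "-" "-"',
    '203.0.113.7 - - [12/Jul/2017:10:01:09 +0000] "GET /services/getFile.cmd?userfile=%63onfig.XML HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.20 - - [12/Jul/2017:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
    '198.51.100.20 - - [12/Jul/2017:10:02:05 +0000] "GET /services/getFile.cmd?userfile=data.csv HTTP/1.1" 200 88 "-" "-"',
]


def classify(line):
    """Return (client_ip, 'disclosure' | 'probe') for a config.xml request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path, _, query = m["target"].partition("?")
    # Decode escapes, collapse repeated slashes and fold case before comparing.
    path = re.sub(r"/+", "/", unquote(raw_path)).lower()
    if path != TARGET_PATH:
        return None
    params = {k.lower(): v for k, v in parse_qs(query).items()}
    names = [v.lower().split("/")[-1] for v in params.get("userfile", [])]
    if "config.xml" not in names:
        return None
    # HTTP 200 means the file was served; any other status is a failed attempt.
    return m["ip"], ("disclosure" if m["status"] == "200" else "probe")


def response_leaks_config(status, content_type, body):
    """Apply the page's response matchers to a captured HTTP response."""
    return (status == 200 and "text/xml" in content_type.lower()
            and all(w in body for w in BODY_WORDS))


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = classify(line)
        if hit:
            print(*hit)
```
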
CVSS provenance
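| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |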
No detection rules found.
Exploit-DB
DataTaker DT80 dEX 1.50.012 - Information Disclosure
exploitdb · 2017-07-11 · CVSS 9.8
CVE-2017-11165 [CRITICAL] DataTaker DT80 dEX 1.50.012 - Information Disclosure
---
[+] Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure
[+] Credits / Discovery: Nassim Asrir
[+] Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/
[+] Author Company: Henceforth
[+] CVE: CVE-2017-11165
Vendor:
http://www.datataker.com/
About:
The dataTaker DT80 smart data logger provides an extensive array of features that allow it to be used across a wide variety of applications. The DT80 is a robust, stand alone, low power data logger featuring USB memory stick support, 18 bit resolution, extensive communications capabilities and built-in display.
The dataTaker DT80’s Dual Channel concept allows up to 10 isolated or 15 common referenced analog inputs to be used in
Nuclei
DataTaker DT80 dEX 1.50.012 - Information Disclosure
nuclei · CVSS 9.8
CVE-2017-11165 [CRITICAL] DataTaker DT80 dEX 1.50.012 - Information Disclosure
DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or executing unauthorized operations.
Template:
id: CVE-2017-11165
info:
  name: DataTaker DT80 dEX 1.50.012 - Information Disclosure
  author: theabhinavgaur
  severity: critical
  description: |
    DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensi
No writeups or analysis indexed.
- https://packetstormsecurity.com/files/143328/DataTaker-DT80-dEX-1.50.012-Sensitive-Configuration-Exposure.html
- https://www.exploit-db.com/exploits/42313/